IMP(shellcheck): comply with shellcheck rules

I added shellcheck prefixes to fix: * SC1091 (following sourced files) * SC2034 (unused variables)
2024-11-22 05:27:01 +01:00 · 2020-11-27 09:18:00 +01:00 · 2020-11-27 09:18:00 +01:00 · c17d04ecc2
commit c17d04ecc2
parent cccc0881e9
207 changed files with 850 additions and 79 deletions
--- a/bin/hardening/1.1.1.1_disable_freevxfs.sh
+++ b/bin/hardening/1.1.1.1_disable_freevxfs.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of freevxfs filesystems."

 KERNEL_OPTION="CONFIG_VXFS_FS"
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.1.2_disable_jffs2.sh
+++ b/bin/hardening/1.1.1.2_disable_jffs2.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of jffs2 filesystems."

 KERNEL_OPTION="CONFIG_JFFS2_FS"
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.1.3_disable_hfs.sh
+++ b/bin/hardening/1.1.1.3_disable_hfs.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of hfs filesystems."

 KERNEL_OPTION="CONFIG_HFS_FS"
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.1.4_disable_hfsplus.sh
+++ b/bin/hardening/1.1.1.4_disable_hfsplus.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of hfsplus filesystems."

 KERNEL_OPTION="CONFIG_HFSPLUS_FS"
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.1.5_disable_udf.sh
+++ b/bin/hardening/1.1.1.5_disable_udf.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of udf filesystems."

 KERNEL_OPTION="CONFIG_UDF_FS"
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.1.6_disable_cramfs.sh
+++ b/bin/hardening/1.1.1.6_disable_cramfs.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of cramfs filesystems."

 KERNEL_OPTION="CONFIG_CRAMFS"
@ -48,6 +50,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -58,6 +61,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.1.7_disable_squashfs.sh
+++ b/bin/hardening/1.1.1.7_disable_squashfs.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of squashfs filesytems."

 KERNEL_OPTION="CONFIG_SQUASHFS"
@ -48,6 +50,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -58,6 +61,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.10_var_tmp_noexec.sh
+++ b/bin/hardening/1.1.10_var_tmp_noexec.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/var/tmp partition with noexec option."

 # Quick factoring as many script use the same logic
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.11_var_log_partition.sh
+++ b/bin/hardening/1.1.11_var_log_partition.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/var/log on separate partition."

 # Quick factoring as many script use the same logic
@ -58,6 +60,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -68,6 +71,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.12_var_log_audit_partition.sh
+++ b/bin/hardening/1.1.12_var_log_audit_partition.sh
@ -11,7 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="/var/log/audit on a separate partition."

 # Quick factoring as many script use the same logic
@ -57,6 +59,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -67,6 +70,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.13_home_partition.sh
+++ b/bin/hardening/1.1.13_home_partition.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/home on a separate partition."

 # Quick factoring as many script use the same logic
@ -58,6 +60,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -68,6 +71,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.14_home_nodev.sh
+++ b/bin/hardening/1.1.14_home_nodev.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/home partition with nodev option."

 # Quick factoring as many script use the same logic
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.15_run_shm_nodev.sh
+++ b/bin/hardening/1.1.15_run_shm_nodev.sh
@ -74,6 +74,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -84,8 +85,8 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
-    # shellcheck source=/opt/debian-cis/lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    # shellcheck source=../../lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
    exit 128
--- a/bin/hardening/1.1.16_run_shm_nosuid.sh
+++ b/bin/hardening/1.1.16_run_shm_nosuid.sh
@ -74,6 +74,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -84,8 +85,8 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
-    # shellcheck source=/opt/debian-cis/lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    # shellcheck source=../../lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
    exit 128
--- a/bin/hardening/1.1.17_run_shm_noexec.sh
+++ b/bin/hardening/1.1.17_run_shm_noexec.sh
@ -74,6 +74,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -84,8 +85,8 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
-    # shellcheck source=/opt/debian-cis/lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    # shellcheck source=../../lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
    exit 128
--- a/bin/hardening/1.1.18_removable_device_nodev.sh
+++ b/bin/hardening/1.1.18_removable_device_nodev.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="nodev option for removable media partitions."

 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
@ -59,6 +61,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -69,6 +72,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.19_removable_device_nosuid.sh
+++ b/bin/hardening/1.1.19_removable_device_nosuid.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="nosuid option for removable media partitions."

 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
@ -59,6 +61,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -69,6 +72,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.20_removable_device_noexec.sh
+++ b/bin/hardening/1.1.20_removable_device_noexec.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="noexec option for removable media partitions."

 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
@ -59,6 +61,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -69,6 +72,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
+++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Set sticky bit on world writable directories to prevent users from deleting or renaming files that are not owned by them."

 # This function will be called if the script status is on enabled / audit mode
@ -47,6 +49,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -57,6 +60,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.22_disable_automounting.sh
+++ b/bin/hardening/1.1.22_disable_automounting.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable automounting of devices."

 SERVICE_NAME="autofs"
@ -47,6 +49,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -57,6 +60,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.2_tmp_partition.sh
+++ b/bin/hardening/1.1.2_tmp_partition.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure /tmp is configured (Scored)"

 # Quick factoring as many script use the same logic
@ -58,6 +60,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -68,6 +71,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.3_tmp_nodev.sh
+++ b/bin/hardening/1.1.3_tmp_nodev.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/tmp partition with nodev option."

 # Quick factoring as many script use the same logic
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.4_tmp_nosuid.sh
+++ b/bin/hardening/1.1.4_tmp_nosuid.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/tmp partition with nosuid option."

 # Quick factoring as many script use the same logic
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.5_tmp_noexec.sh
+++ b/bin/hardening/1.1.5_tmp_noexec.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/tmp partition with noexec option."

 # Quick factoring as many script use the same logic
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.6_var_partition.sh
+++ b/bin/hardening/1.1.6_var_partition.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/var on a separate partition."

 # Quick factoring as many script use the same logic
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.7_var_tmp_partition.sh
+++ b/bin/hardening/1.1.7_var_tmp_partition.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/var/tmp on a separate partition."

 # Quick factoring as many script use the same logic
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.8_var_tmp_nodev.sh
+++ b/bin/hardening/1.1.8_var_tmp_nodev.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/var/tmp partition with nodev option."

 # Quick factoring as many script use the same logic
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.1.9_var_tmp_nosuid.sh
+++ b/bin/hardening/1.1.9_var_tmp_nosuid.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/var/tmp partition with nosuid option."

 # Quick factoring as many script use the same logic
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.4.1_bootloader_ownership.sh
+++ b/bin/hardening/1.4.1_bootloader_ownership.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=1
+# shellcheck disable=2034
 DESCRIPTION="User and group root owner of grub bootloader config."

 # Assertion : Grub Based.
@ -85,6 +87,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -95,6 +98,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.4.2_bootloader_password.sh
+++ b/bin/hardening/1.4.2_bootloader_password.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Setting bootloader password to secure boot parameters."

 FILE='/boot/grub/grub.cfg'
@ -67,6 +69,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -77,6 +80,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.4.3_root_password.sh
+++ b/bin/hardening/1.4.3_root_password.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Root password for single user mode."

 FILE="/etc/shadow"
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.5.1_restrict_core_dumps.sh
+++ b/bin/hardening/1.5.1_restrict_core_dumps.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Restrict core dumps."

 LIMIT_FILE='/etc/security/limits.conf'
@ -82,6 +84,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -92,6 +95,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.5.2_enable_nx_support.sh
+++ b/bin/hardening/1.5.2_enable_nx_support.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable NoExecute/ExecuteDisable to prevent buffer overflow attacks."

 PATTERN='NX[[:space:]]\(Execute[[:space:]]Disable\)[[:space:]]protection:[[:space:]]active'
@ -68,6 +70,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -78,6 +81,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.5.3_enable_randomized_vm_placement.sh
+++ b/bin/hardening/1.5.3_enable_randomized_vm_placement.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable Randomized Virtual Memory Region Placement to prevent memory page exploits."

 SYSCTL_PARAM='kernel.randomize_va_space'
@ -50,6 +52,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -60,6 +63,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.5.4_disable_prelink.sh
+++ b/bin/hardening/1.5.4_disable_prelink.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable prelink to prevent libraries compromission."

 PACKAGE='prelink'
@ -49,6 +51,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -59,6 +62,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.6.2.1_enable_apparmor.sh
+++ b/bin/hardening/1.6.2.1_enable_apparmor.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Activate AppArmor to enforce permissions control."

 PACKAGE='apparmor'
@ -85,6 +87,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -95,6 +98,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.7.1.1_remove_os_info_motd.sh
+++ b/bin/hardening/1.7.1.1_remove_os_info_motd.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Remove OS information from motd"

 FILE='/etc/motd'
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.7.1.2_remove_os_info_issue.sh
+++ b/bin/hardening/1.7.1.2_remove_os_info_issue.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Remove OS information from Login Warning Banners."

 FILE='/etc/issue'
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.7.1.3_remove_os_info_issue_net.sh
+++ b/bin/hardening/1.7.1.3_remove_os_info_issue_net.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Remove OS information from remote Login Warning Banners."

 FILE='/etc/issue.net'
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.7.1.4_motd_perms.sh
+++ b/bin/hardening/1.7.1.4_motd_perms.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Checking root ownership and 644 permissions on banner files: /etc/motd|issue|issue.net ."

 PERMISSIONS='644'
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.7.1.5_etc_issue_perms.sh
+++ b/bin/hardening/1.7.1.5_etc_issue_perms.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Checking root ownership and 644 permissions on banner files: /etc/motd|issue|issue.net ."

 PERMISSIONS='644'
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.7.1.6_etc_issue_net_perms.sh
+++ b/bin/hardening/1.7.1.6_etc_issue_net_perms.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Checking root ownership and 644 permissions on banner files: /etc/motd|issue|issue.net ."

 PERMISSIONS='644'
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.7.2_graphical_warning_banners.sh
+++ b/bin/hardening/1.7.2_graphical_warning_banners.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Set graphical warning banner."

 # This function will be called if the script status is on enabled / audit mode
@ -32,6 +34,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -42,6 +45,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/1.8_install_updates.sh
+++ b/bin/hardening/1.8_install_updates.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure updates, patches, and additional security software are installed (Not Scored)"

 # This function will be called if the script status is on enabled / audit mode
@ -48,6 +50,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -58,6 +61,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.1.1_disable_xinetd.sh
+++ b/bin/hardening/2.1.1_disable_xinetd.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure xinetd is not enabled."

 PACKAGE='xinetd'
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.1.2_disable_bsd_inetd.sh
+++ b/bin/hardening/2.1.2_disable_bsd_inetd.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure bsd-inetd is not enabled."

 PACKAGES='openbsd-inetd inetutils-inetd'
@ -50,6 +52,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -60,6 +63,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.1.1_use_time_sync.sh
+++ b/bin/hardening/2.2.1.1_use_time_sync.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure time synchronization is in use"

 PACKAGES="ntp chrony"
@ -44,6 +46,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -52,6 +55,13 @@ if [ -z "$CIS_ROOT_DIR" ]; then
    exit 128
 fi

-# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-[ -r "$CIS_ROOT_DIR"/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
+else
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    exit 128
+fi

--- a/bin/hardening/2.2.1.2_configure_ntp.sh
+++ b/bin/hardening/2.2.1.2_configure_ntp.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Configure Network Time Protocol (ntp). Check restrict parameters and ntp daemon runs ad unprivileged user."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=ntp

 PACKAGE='ntp'
@ -79,6 +82,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -89,6 +93,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.1.3_configure_chrony.sh
+++ b/bin/hardening/2.2.1.3_configure_chrony.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Configure Network Time Protocol (ntp). Check restrict parameters and ntp daemon runs ad unprivileged user."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=ntp

 PACKAGE=chrony
@ -48,6 +51,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -58,6 +62,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.10_disable_http_server.sh
+++ b/bin/hardening/2.2.10_disable_http_server.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure HTTP server is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=http

 # Based on aptitude search '~Phttpd'
@ -52,6 +55,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -62,6 +66,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.11_disable_imap_pop.sh
+++ b/bin/hardening/2.2.11_disable_imap_pop.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure IMAP and POP servers are not installed"
+# shellcheck disable=2034
 HARDENING_EXCEPTION=mail

 # Based on aptitude search '~Pimap-server' and  aptitude search '~Ppop3-server'
@ -52,6 +55,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -62,6 +66,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.12_disable_samba.sh
+++ b/bin/hardening/2.2.12_disable_samba.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure Samba is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=samba

 PACKAGES='samba'
@ -65,6 +68,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -75,6 +79,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.13_disable_http_proxy.sh
+++ b/bin/hardening/2.2.13_disable_http_proxy.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure HTTP-proxy is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=http

 PACKAGES='squid3 squid'
@ -51,6 +54,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -61,6 +65,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.14_disable_snmp_server.sh
+++ b/bin/hardening/2.2.14_disable_snmp_server.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Enure SNMP server is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=snmp

 PACKAGES='snmpd'
@ -51,6 +54,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -61,6 +65,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.15_mta_localhost.sh
+++ b/bin/hardening/2.2.15_mta_localhost.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Configure Mail Transfert Agent for Local-Only Mode."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=mail

 # This function will be called if the script status is on enabled / audit mode
@ -60,6 +63,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +74,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.16_disable_rsync.sh
+++ b/bin/hardening/2.2.16_disable_rsync.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure rsync service is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=rsync

 PACKAGE='rsync'
@ -62,6 +65,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -72,6 +76,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.18_disable_telnet_server.sh
+++ b/bin/hardening/2.2.18_disable_telnet_server.sh
@ -14,7 +14,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure telnet server is not enabled. Recommended alternative : sshd (OpenSSH-server)."

 # Based on  aptitude search '~Ptelnet-server'
@ -81,6 +83,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -91,6 +94,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.2_disable_xwindow_system.sh
+++ b/bin/hardening/2.2.2_disable_xwindow_system.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure the X Window system is not installed."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=x11

 # Based on aptitude search '~Pxserver'
@ -52,6 +55,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -62,6 +66,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.3_disable_avahi_server.sh
+++ b/bin/hardening/2.2.3_disable_avahi_server.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure Avahi server is not enabled."

 PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7'
@ -50,6 +52,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -60,6 +63,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.4_disable_print_server.sh
+++ b/bin/hardening/2.2.4_disable_print_server.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure print server (Common Unix Print System) is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=cups

 PACKAGES='libcups2 libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1 cups-common cups-client cups-ppdc libcupsfilters1 cups-filters cups'
@ -51,6 +54,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -61,6 +65,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.5_disable_dhcp.sh
+++ b/bin/hardening/2.2.5_disable_dhcp.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure DHCP server is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=dhcp

 PACKAGES='udhcpd isc-dhcp-server'
@ -51,6 +54,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -61,6 +65,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.6_disable_ldap.sh
+++ b/bin/hardening/2.2.6_disable_ldap.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure LDAP is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=ldap

 PACKAGES='slapd'
@ -51,6 +54,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -61,6 +65,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.7_disable_nfs_rpc.sh
+++ b/bin/hardening/2.2.7_disable_nfs_rpc.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure Network File System (nfs) and RPC are not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=nfs

 PACKAGES='rpcbind nfs-kernel-server'
@ -51,6 +54,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -61,6 +65,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.8_disable_dns_server.sh
+++ b/bin/hardening/2.2.8_disable_dns_server.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure Domain Name System (dns) server is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=dns

 PACKAGES='bind9 unbound'
@ -51,6 +54,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -61,6 +65,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.2.9_disable_ftp.sh
+++ b/bin/hardening/2.2.9_disable_ftp.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure File Transfer Protocol (ftp) is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=ftp

 # Based on aptitude search '~Pftp-server'
@ -52,6 +55,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -62,6 +66,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.3.1_disable_nis.sh
+++ b/bin/hardening/2.3.1_disable_nis.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure that Network Information Service is not installed. Recommended alternative : LDAP."

 PACKAGE='nis'
@ -47,6 +49,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -57,6 +60,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.3.2_disable_rsh_client.sh
+++ b/bin/hardening/2.3.2_disable_rsh_client.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure rsh client is not installed, Recommended alternative : ssh."

 # Based on aptitude search '~Prsh-client', exluding ssh-client OFC
@ -51,6 +53,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -61,6 +64,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.3.3_disable_talk_client.sh
+++ b/bin/hardening/2.3.3_disable_talk_client.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure talk client is not installed."

 PACKAGES='talk inetutils-talk'
@ -50,6 +52,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -60,6 +63,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.3.4_disable_telnet_client.sh
+++ b/bin/hardening/2.3.4_disable_telnet_client.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure telnet client is not installed."

 PACKAGES='telnet'
@ -50,6 +52,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -60,6 +63,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/2.3.5_disable_ldap_client.sh
+++ b/bin/hardening/2.3.5_disable_ldap_client.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure ldap client is not installed."

 PACKAGES='ldap-utils'
@ -50,6 +52,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -60,6 +63,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.1.1_disable_ip_forwarding.sh
+++ b/bin/hardening/3.1.1_disable_ip_forwarding.sh
@ -13,8 +13,10 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
 HARDENING_EXCEPTION=gw
+# shellcheck disable=2034
 DESCRIPTION="Disable IP forwarding."

 SYSCTL_PARAMS='net.ipv4.ip_forward net.ipv6.conf.all.forwarding'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.1.2_disable_send_packet_redirects.sh
+++ b/bin/hardening/3.1.2_disable_send_packet_redirects.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable send packet redirects to prevent malicious ICMP corruption."

 #net.ipv4.conf.all.send_redirects = 0
@ -62,6 +64,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -72,6 +75,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.1_disable_source_routed_packets.sh
+++ b/bin/hardening/3.2.1_disable_source_routed_packets.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable source routed packet acceptance."
 # set in config file
 SYSCTL_PARAMS=''
@ -71,6 +73,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -81,6 +84,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.2_disable_icmp_redirect.sh
+++ b/bin/hardening/3.2.2_disable_icmp_redirect.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable ICMP redirect acceptance to prevent routing table corruption."
 # set in config file
 SYSCTL_PARAMS=''
@ -72,6 +74,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -82,6 +85,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.3_disable_secure_icmp_redirect.sh
+++ b/bin/hardening/3.2.3_disable_secure_icmp_redirect.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable secure ICMP redirect acceptance to prevent routing tables corruptions."

 SYSCTL_PARAMS='net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.4_log_martian_packets.sh
+++ b/bin/hardening/3.2.4_log_martian_packets.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Log suspicious packets, like spoofed packets."

 SYSCTL_PARAMS='net.ipv4.conf.all.log_martians=1 net.ipv4.conf.default.log_martians=1'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.5_ignore_broadcast_requests.sh
+++ b/bin/hardening/3.2.5_ignore_broadcast_requests.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ignore broadcast requests to prevent attacks such as Smurf attack."

 SYSCTL_PARAMS='net.ipv4.icmp_echo_ignore_broadcasts=1'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.6_enable_bad_error_message_protection.sh
+++ b/bin/hardening/3.2.6_enable_bad_error_message_protection.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable bad error message protection to prevent logfiles fillup."

 SYSCTL_PARAMS='net.ipv4.icmp_ignore_bogus_error_responses=1'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.7_enable_source_route_validation.sh
+++ b/bin/hardening/3.2.7_enable_source_route_validation.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable RFC-recommended source route validation."

 SYSCTL_PARAMS='net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.default.rp_filter=1'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.8_enable_tcp_syn_cookies.sh
+++ b/bin/hardening/3.2.8_enable_tcp_syn_cookies.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable TCP-SYN cookie to prevent TCP-SYN flood attack."

 SYSCTL_PARAMS='net.ipv4.tcp_syncookies=1'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh
+++ b/bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable IPv6 router advertisements."

 SYSCTL_PARAMS='net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0'
@ -70,6 +72,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -80,6 +83,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.3.1_install_tcp_wrapper.sh
+++ b/bin/hardening/3.3.1_install_tcp_wrapper.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Install TCP wrappers for simple access list management and standardized logging method for services."

 PACKAGE='tcpd'
@ -45,6 +47,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -55,6 +58,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.3.2_hosts_allow.sh
+++ b/bin/hardening/3.3.2_hosts_allow.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Create /etc/hosts.allow ."

 FILE='/etc/hosts.allow'
@ -46,6 +48,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -56,6 +59,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.3.3_hosts_deny.sh
+++ b/bin/hardening/3.3.3_hosts_deny.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Create /etc/hosts.deny ."

 FILE='/etc/hosts.deny'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.3.4_hosts_allow_permissions.sh
+++ b/bin/hardening/3.3.4_hosts_allow_permissions.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Check 644 permissions and root:root ownership on /hosts.allow ."

 FILE='/etc/hosts.allow'
@ -54,6 +56,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -64,6 +67,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.3.5_hosts_deny_permissions.sh
+++ b/bin/hardening/3.3.5_hosts_deny_permissions.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Check 644 permissions and root:root ownership on /etc/hosts.deny ."

 FILE='/etc/hosts.deny'
@ -54,6 +56,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -64,6 +67,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.4.1_disable_dccp.sh
+++ b/bin/hardening/3.4.1_disable_dccp.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable Datagram Congestion Control Protocol (DCCP)."

 # This function will be called if the script status is on enabled / audit mode
@ -32,6 +34,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -42,6 +45,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.4.2_disable_sctp.sh
+++ b/bin/hardening/3.4.2_disable_sctp.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable Stream Control Transmission Protocol (SCTP)."

 # This function will be called if the script status is on enabled / audit mode
@ -32,6 +34,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -42,6 +45,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.4.3_disable_rds.sh
+++ b/bin/hardening/3.4.3_disable_rds.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable Reliable Datagram Sockets (RDS)."

 # This function will be called if the script status is on enabled / audit mode
@ -32,6 +34,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -42,6 +45,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.4.4_disable_tipc.sh
+++ b/bin/hardening/3.4.4_disable_tipc.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable Transperent Inter-Process Communication (TIPC)."

 # This function will be called if the script status is on enabled / audit mode
@ -32,6 +34,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -42,6 +45,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh
+++ b/bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh
@ -61,6 +61,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -71,8 +72,8 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
-    # shellcheck source=/opt/debian-cis/lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    # shellcheck source=../../lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
    exit 128
--- a/bin/hardening/3.5_enable_firewall.sh
+++ b/bin/hardening/3.5_enable_firewall.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure firewall is active (iptables is installed, does not check for its configuration)."

 # Quick note here : CIS recommends your iptables rules to be persistent. 
@ -48,6 +50,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -58,6 +61,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.6_disable_wireless.sh
+++ b/bin/hardening/3.6_disable_wireless.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Deactivate wireless interfaces."

 # This function will be called if the script status is on enabled / audit mode
@ -32,6 +34,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -44,6 +47,7 @@ fi
 #    echo "There is no /etc/default/cis-hardening file, cannot source CIS_ROOT_DIR variable, aborting"
 #    exit 128
 #else
+# shellcheck source=../../debian/default
 #    . /etc/default/cis-hardening
 #    if [ -z ${CIS_ROOT_DIR:-} ]; then
 #        echo "No CIS_ROOT_DIR variable, aborting"
@ -53,6 +57,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/3.7_disable_ipv6.sh
+++ b/bin/hardening/3.7_disable_ipv6.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable IPv6."

 SYSCTL_PARAMS='net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1'
@ -70,6 +72,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -80,6 +83,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/4.1.1.1_audit_log_storage.sh
+++ b/bin/hardening/4.1.1.1_audit_log_storage.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Configure audit log storage size."

 FILE='/etc/audit/auditd.conf'
@ -60,6 +62,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -70,6 +73,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
+++ b/bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Disable system on audit log full."

 FILE='/etc/audit/auditd.conf'
@ -87,6 +89,7 @@ EOF

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -97,6 +100,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/4.1.1.3_keep_all_audit_logs.sh
+++ b/bin/hardening/4.1.1.3_keep_all_audit_logs.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Keep all auditing information."

 FILE='/etc/audit/auditd.conf'
@ -78,6 +80,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -88,6 +91,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/4.1.10_record_dac_edit.sh
+++ b/bin/hardening/4.1.10_record_dac_edit.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Collect discretionary access control (DAC) permission modification events."

 AUDIT_PARAMS='-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod
@ -66,6 +68,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -76,6 +79,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/4.1.11_record_failed_access_file.sh
+++ b/bin/hardening/4.1.11_record_failed_access_file.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Collect unsuccessful unauthorized access attemps to files."

 AUDIT_PARAMS='-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
@ -64,6 +66,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -74,6 +77,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/bin/hardening/4.1.12_record_privileged_commands.sh
+++ b/bin/hardening/4.1.12_record_privileged_commands.sh
@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Collect use of privileged commands."

 # Find all files with setuid or setgid set
@ -65,6 +67,7 @@ check_config() {

 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@ -75,6 +78,7 @@ fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
    . $CIS_ROOT_DIR/lib/main.sh
 else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
--- a/Show More
+++ b/Show More